1. Field of the Invention
The present embodiments relate to methods, systems, and programs for managing security in a network storage device.
2. Description of the Related Art
Network storage (also referred to as network storage systems, network storage devices, storage arrays, or simply storage systems) is computer data storage that is connected to a computer network and provides data access to heterogeneous clients. Typically, network storage systems process a large number of Input/Output (IO) requests, and high availability, speed, and reliability are desirable characteristics of network storage.
Oftentimes, the storage system encrypts the data before permanently storing the data (e.g., in disk drives). For example, some government institutions require that the data on the disk be encrypted. This way, if the disk drives are stolen, the data stored in the drives is not compromised. It is critical for the security of the storage system to manage the encryption keys appropriately so the data is not compromised.
Some environments have highly secured physical access to the actual storage device, which means that there is not a serious concern that someone may steal the storage device. However, other environments may reside in remote physical locations that do not have reliable physical security for the storage device. If a malicious user steals the storage device and tries to access the data, it is imperative that the thief does not have access to the encryption keys for reading the stored data.
What is needed is a storage system that can be secured in data centers with controlled physical access protection, as well as in data centers without controlled physical access protection.
It is in this context that embodiments arise.